*/
#include "includes.h"
-RCSID("$OpenBSD: monitor.c,v 1.14 2002/06/04 23:05:49 markus Exp $");
+RCSID("$OpenBSD: monitor.c,v 1.19 2002/06/26 14:49:36 deraadt Exp $");
#include <openssl/dh.h>
u_int ivinlen;
u_char *ivout;
u_int ivoutlen;
+ u_char *ssh1key;
+ u_int ssh1keylen;
int ssh1cipher;
int ssh1protoflags;
u_char *input;
{MONITOR_REQ_KEYALLOWED, MON_ISAUTH, mm_answer_keyallowed},
{MONITOR_REQ_RSACHALLENGE, MON_ONCE, mm_answer_rsa_challenge},
{MONITOR_REQ_RSARESPONSE, MON_ONCE|MON_AUTHDECIDE, mm_answer_rsa_response},
-#ifdef USE_PAM
- {MONITOR_REQ_PAM_START, MON_ONCE, mm_answer_pam_start},
-#endif
#ifdef BSD_AUTH
{MONITOR_REQ_BSDAUTHQUERY, MON_ISAUTH, mm_answer_bsdauthquery},
{MONITOR_REQ_BSDAUTHRESPOND, MON_AUTH,mm_answer_bsdauthrespond},
void
monitor_sync(struct monitor *pmonitor)
{
- /* The member allocation is not visible, so sync it */
- mm_share_sync(&pmonitor->m_zlib, &pmonitor->m_zback);
+ if (options.compression) {
+ /* The member allocation is not visible, so sync it */
+ mm_share_sync(&pmonitor->m_zlib, &pmonitor->m_zback);
+ }
}
int
p = buffer_get_string(m, &datlen);
if (datlen != 20)
- fatal("%s: data length incorrect: %d", __func__, datlen);
+ fatal("%s: data length incorrect: %u", __func__, datlen);
/* save session id, it will be passed on the first call */
if (session_id2_len == 0) {
if (key_sign(key, &signature, &siglen, p, datlen) < 0)
fatal("%s: key_sign failed", __func__);
- debug3("%s: signature %p(%d)", __func__, signature, siglen);
+ debug3("%s: signature %p(%u)", __func__, signature, siglen);
buffer_clear(m);
buffer_put_string(m, signature, siglen);
xfree(signature);
xfree(data);
+ auth_method = key_blobtype == MM_USERKEY ? "publickey" : "hostbased";
+
monitor_reset_key_state();
buffer_clear(m);
buffer_put_int(m, verified);
mm_request_send(socket, MONITOR_ANS_KEYVERIFY, m);
- auth_method = key_blobtype == MM_USERKEY ? "publickey" : "hostbased";
-
return (verified);
}
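Review bot: The reason `auth_method` is now assigned before `monitor_reset_key_state()` is not recorded anywhere in the code. Presumably the reset clears `key_blobtype`, so the old placement read it too late and could pick the wrong method string; the body of the reset is not visible here. If that is what the reset does, a one-line comment above the assignment would stop a later reorder from reintroducing the problem: `/* must precede monitor_reset_key_state(), which resets key_blobtype */`. The function begins outside this hunk.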
set_newkeys(MODE_IN);
set_newkeys(MODE_OUT);
} else {
- u_char key[SSH_SESSION_KEY_LENGTH];
-
- memset(key, 'a', sizeof(key));
packet_set_protocol_flags(child_state.ssh1protoflags);
- packet_set_encryption_key(key, SSH_SESSION_KEY_LENGTH,
- child_state.ssh1cipher);
+ packet_set_encryption_key(child_state.ssh1key,
+ child_state.ssh1keylen, child_state.ssh1cipher);
+ xfree(child_state.ssh1key);
}
+ /* for rc4 and other stateful ciphers */
packet_set_keycontext(MODE_OUT, child_state.keyout);
xfree(child_state.keyout);
packet_set_keycontext(MODE_IN, child_state.keyin);
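Review bot: `xfree(child_state.ssh1key);` releases the SSH1 session key without clearing it, so the key bytes remain in freed heap memory of this process. The removed code only ever held a dummy buffer here, so real key material at this spot is new with this change. Wipe before freeing and drop the stale pointer: `memset(child_state.ssh1key, 0, child_state.ssh1keylen);` ahead of the `xfree`, then `child_state.ssh1key = NULL;`. A plain memset directly before a free may be elided by the compiler, so a wipe routine that cannot be optimised away is preferable if the tree has one. The enclosing function starts and ends outside this hunk.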
sizeof(outgoing_stream));
/* Update with new address */
- mm_init_compression(pmonitor->m_zlib);
+ if (options.compression)
+ mm_init_compression(pmonitor->m_zlib);
/* Network I/O buffers */
/* XXX inefficient for large buffers, need: buffer_init_from_string */
if (!compat20) {
child_state.ssh1protoflags = buffer_get_int(&m);
child_state.ssh1cipher = buffer_get_int(&m);
+ child_state.ssh1key = buffer_get_string(&m,
+ &child_state.ssh1keylen);
child_state.ivout = buffer_get_string(&m,
&child_state.ivoutlen);
child_state.ivin = buffer_get_string(&m, &child_state.ivinlen);
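Review bot: The key length read by `buffer_get_string(&m, &child_state.ssh1keylen)` is taken from the message and later passed unchecked to `packet_set_encryption_key`, where the old code always passed the fixed `SSH_SESSION_KEY_LENGTH`. If this buffer is filled by the unprivileged side, as the monitor split suggests, the length crosses a trust boundary and should be validated where it is parsed. For example, `if (child_state.ssh1keylen != SSH_SESSION_KEY_LENGTH) fatal("%s: bad ssh1 key length %u", __func__, child_state.ssh1keylen);`, or whatever range the consumer actually accepts, which is not visible on this page. The enclosing function extends beyond the hunk.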
void *
mm_zalloc(struct mm_master *mm, u_int ncount, u_int size)
{
+ int len = size * ncount;
void *address;
- address = mm_malloc(mm, size * ncount);
+ if (len <= 0)
+ fatal("%s: mm_zalloc(%u, %u)", __func__, ncount, size);
+
+ address = mm_malloc(mm, len);
return (address);
}
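Review bot: The new guard in mm_zalloc does not catch every overflow. `size * ncount` is evaluated in unsigned arithmetic and only then stored in an `int`, so a product that wraps past 2^32 to a small positive value still passes `len <= 0` and yields an allocation smaller than the caller asked for. mm_zalloc looks like the allocator for the shared zlib state, so an undersized buffer here would be written by the compression code. Check the operands before multiplying, e.g. `if (size == 0 || ncount == 0 || ncount > UINT_MAX / size) fatal("%s: mm_zalloc(%u, %u)", __func__, ncount, size);`. Keep the length unsigned when it is passed to mm_malloc, whose parameter type is not visible here.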
mon->m_sendfd = pair[1];
/* Used to share zlib space across processes */
- mon->m_zback = mm_create(NULL, MM_MEMSIZE);
- mon->m_zlib = mm_create(mon->m_zback, 20 * MM_MEMSIZE);
+ if (options.compression) {
+ mon->m_zback = mm_create(NULL, MM_MEMSIZE);
+ mon->m_zlib = mm_create(mon->m_zback, 20 * MM_MEMSIZE);
- /* Compression needs to share state across borders */
- mm_init_compression(mon->m_zlib);
+ /* Compression needs to share state across borders */
+ mm_init_compression(mon->m_zlib);
+ }
return mon;
}
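Review bot: With compression disabled, `mon->m_zback` and `mon->m_zlib` are never assigned in this function, so if the allocation of `mon` (outside the hunk) does not zero the struct, both pointers are left indeterminate. The guards added in monitor_sync and around `mm_init_compression(pmonitor->m_zlib)` cover the uses shown on this page, but any other reader of these members would dereference garbage instead of failing cleanly. Add `else { mon->m_zback = NULL; mon->m_zlib = NULL; }` after the new block. A comment on the struct members saying they are valid only when `options.compression` is set would also help keep the three checks in step.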